59 Top Computer Scientists and Election Security Experts Slam Trump's Assertions as False and Incoherent

Mudge hired as top Twitter security executive, U.S. military buys app data to track primarily Muslim people, Huawei sells phone business but asks UK to reconsider 5G ban, much, much more

In the wake of continued lies by Donald Trump regarding election security and voter fraud, fifty-nine of the country’s leading computer scientists and election security experts signed a letter that rebuked Trump, saying that his false assertions are “unsubstantiated or are technically incoherent” without ever citing him by name. “To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise,” they wrote. The group includes a who’s who in information security, including Matt Blaze, a computer science professor at Georgetown University, Ronald Rivest, a professor at the Massachusetts Institute of Technology and a pioneer in cryptography, Steven M. Bellovin, a computer science professor at Columbia University, Joseph Lorenzo Hall, the senior vice president at the nonprofit Internet Society, J. Alex Halderman, an election security expert, and Harri Hursti, an election security expert. (Nicole Perlroth / New York Times)

Related: USA Today, Forbes, AlterNet.org, VICE News, Daily Beast, Mediaite

Twitter Hires Top Hacker Mudge to Serve as New Security Head

Twitter has hired one of the world’s most highly regarded hackers, Peiter Zatko, widely known by his hacker handle Mudge, to serve as its new head of security, giving him wide latitude to make changes as the social media giant contemplates recent high-profile breaches along with impending antitrust probes. In an interview with Reuters, Zatko said he would examine “information security, site integrity, physical security, platform integrity -- which starts to touch on abuse and manipulation of the platform -- and engineering.” (Joseph Menn / Reuters)

Related: iTnews - Security, Motley Fool, Sydney Morning Herald, Channel News Asia, Ad Week, NBC News Top Stories, Dark Reading, The Hill: Cybersecurity, Cyberscoop, SiliconANGLE, Decrypt, Reddit-hacking, RT USA, Asia One Digital, Slashdot

U.S. Military is Buying Detailed Location and Movement Data Harvested From Ordinary But Predominantly Muslim-Oriented Apps

The U.S. military is buying detailed location and movement data on people globally, but particularly those of the Muslim faith, harvested from seemingly ordinary apps, including Muslim prayer, Quran, and dating apps. The Pentagon is buying the data through two separate, parallel streams. The first comes from a company called Babel Street, which makes a product called Locate X that has been used by U.S. Special Operations Command (USSOCOM) to assist overseas special forces. The other stream comes from a company called X-Mode, which obtains location data directly from apps and then sells that data to contractors, and by extension, the military. (Joseph Cox / Motherboard)

Related: Business Insider, Futurism, Input, RT USA, VICE News

Apple Addresses Recent Safety Concerns About macOS

Apple addressed safety concerns about macOS that cropped up following a server outage and a report that some of the protection measures the system uses against malware raise privacy concerns because they send unique identifiers when users open apps. Apple said that the security checks in question don’t use Apple IDs, but that the company will nevertheless make three key changes in the future. First, Apple plans to introduce a new encrypted protocol for Developer ID certificate revocation checks. The company also promises stronger protection against server failure and an opt-out preference for users. (Stephen Warwick / iMore)

Related: Apple, ibtimes.sg: Top News, Mashable, The Verge, MacRumors, 9to5Mac, ExtremeTech, TechCrunch, The Next Web, iPhone in Canada Blog, The Mac Observer, Popular Science, MacDailyNews, SlashGear, AppleInsider, Ubergizmo, Ars Technica, TechNadu, SecurityWeek, Data Protection Center, Six Colors, Engadget

Novel Supply Chain Attack Used by North Korea’s Lazarus Group Exploits Legitimate Security Software, Certificates

Researchers at ESET discovered a novel supply chain attack used by North Korea’s APT group Lazarus, also known as Hidden Cobra, that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems. The attack exploits WIZVERA VeraPort, a “program designed to integrate and manage internet banking-related installation programs, such as digital certificates issued by the banks to individuals and businesses,” ESET writes. (Ravie Lakshmanan / The Hacker News)

Related: Tripwire, Security Affairs, ZDNet Security, We Live Security, Reddit - cybersecurity, Threatpost, Verdict, SecurityWeek

Game Maker Capcom Offers More Details on Ransomware Attack

Video game maker Capcom offered more details on the ransomware attack, revealed last week, that compromised its gamers’ personal information, saying that its servers were hit on November 2 and that the Ragnar Locker group attackers posted a message saying “make a right decision and save data from leakage,” indicating that Capcom hasn’t paid the ransom. Thus far, Capcom is confirming that only nine people’s personal information was definitely compromised, all current or former employees, but that up to 350,000 customers, business partners, and other employees might be affected. (Joe Tidy / BBC News)

Related: WCCFtech, Mainichi, TechNadu, Kotaku, PCMag, Tech Insider, IGN All, BBC News, Ars Technica, Techradar, Solutions Review, Explica, TechSpot, SlashGear, Rock, Paper, Shotgun, Neowin, The Verge, The Register

Huawei Decides to Sell Smartphone Business But Wants UK to Revisit 5G Ban in the Wake of Trump’s Defeat

China-based telecom tech giant Huawei is selling its budget smartphone brand Honor to a consortium of over 30 agents and dealers in a bid to keep it alive following supply chain sanctions imposed on Huawei that block the company’s access to essential components.

Related: South China Morning Post, SlashGear, Engadget, Gizchina.com, Reuters: World News, xda-developers, Gulf News Technology, Associated Press Technology, GlobalNews.ca, ThePrint, PhoneArena, Teller Report, Android Central

At the same time, Huawei is hoping the UK will revisit its decision to ban the Chinese telecoms equipment maker from its 5G network in the post-Trump era. The company urges the British government to stay “true to its roots as the birthplace of the first Industrial Revolution,” saying it cannot now afford to fall behind in the 5G revolution. (Patrick Wintour / The Guardian)

Related: Engadget, The South African

Zoom Launches Notifier That Alerts Organizers That Meetings Are At Risk of Zoombombing

Video conferencing service giant Zoom launched a new feature called At-Risk Meeting Notifier, which alerts conference organizers when their online meetings are at risk of being disrupted by Zoombombing attacks. The notifier works by continuously scanning public posts on social media and other public sites for Zoom meeting links and then emailing the affected conference organizers that they may be exposed to Zoombombing. (Catalin Cimpanu / ZDNet)

Related: The Verge, IT Pro, CISO MAG, Digital Trends, Security Affairs

New Chinese APT Group FunnyDream Has Infected More Than 200 Systems in Southeast Asia

A new Chinese APT group named FunnyDream has infected more than 200 systems across Southeast Asia with malware over the past two years, according to a new report by Bitdefender. The attacks have primarily targeted Southeast Asian governments. Kaspersky Lab has identified FunnyDream targets in Malaysia, Taiwan, and the Philippines, with the most victims located in Vietnam. (Catalin Cimpanu / ZDNet)

Related: Reddit - cybersecurity, Bitdefender, The Hacker News

Other Infosec Developments

  • More than 245,000 Windows systems remain unpatched for the BlueKeep vulnerability a year and a half after Microsoft disclosed it, according to SANS ISC handler Jan Kopriva. That figure represents 25% of the 950,000 systems initially discovered to be vulnerable to BlueKeep attacks during a first scan in May 2019. (Catalin Cimpanu / ZDNet)

  • South Korean police arrested eight members of a voice phishing crime ring based in China after they were found to have used a North Korean malware-installing phone app. The malware was sent to more than 200 South Korean victims in the last six months, with the suspects stealing more than $1.8 million. (Elizabeth Shim / UPI)

    Related: Yonhap News

  • London startup Harbr, which has built a secure platform to enable big data exchange, has raised $38.5 million in a Series A round led by Dawn Capital and Tiger Global Management, with participation from past investors Mike Chalfen, Boldstart Ventures, Crane Venture Partners, Backed and Seedcamp, alongside UiPath’s founder and CEO Daniel Dines and head of strategy Brandon Deer. (Ingrid Lunden / TechCrunch)

  • Ransomware-as-a-Service (RaaS) is becoming a crowded field, with around 25 RaaS offerings currently being advertised on the underground hacking scene, according to cybersecurity firm Intel 471.

    Related: Intel471

  • Researchers at VPNMentor discovered a wide-ranging global scam targeting Facebook users after finding an unsecured database used by the fraudsters to store the usernames and passwords of at least 100,000 victims. The cybercriminals tricked Facebook victims into providing their account login credentials by using a tool that pretended to reveal who was visiting their profiles. They then “used the stolen login credentials to share spam comments on Facebook posts via the victims’ hacked accounts, directing people to their network of scam websites,” according to the VPNMentor report. (Lindsey O’Donnell / Threatpost)

    Related: VPNMentor
